EPR Information Governance Lead
| Posting date: | 23 December 2025 |
|---|---|
| Salary: | £72,921.00 to £83,362.00 per year |
| Additional salary information: | £72921.00 - £83362.00 a year |
| Hours: | Full time |
| Closing date: | 09 January 2026 |
| Location: | Denmark Hill, SE5 8AD |
| Company: | NHS Jobs |
| Job type: | Contract |
| Job reference: | C9334-25-1335 |
Summary
Key Responsibilities:

The postholder will act as the Information Governance lead and subject matter expert within the EPR Programme, providing strategic and operational oversight of all data protection and confidentiality matters. They will ensure that information governance principles are embedded across all programme workstreams, supporting the safe and compliant implementation of the new EPR. This includes advising on data protection by design, managing privacy risks, assuring supplier compliance, and supporting the Trust's statutory obligations under the UK GDPR and Data Protection Act 2018. The role will also promote a culture of good information handling practices across the organisation, working closely with clinical, operational, and technical teams to enable the effective and lawful use of information within the new digital environment.

1. Information Governance Leadership

- Support the DPO by leading on all IG-related activities across the EPR Programme lifecycle, from procurement and design to go-live and post-implementation.
- Provide specialist advice and assurance to the EPR Programme Board, SRO, and Programme Director on IG and data protection risks, controls, and mitigations.
- Develop and maintain programme-level IG artefacts including:
  - Data Protection Impact Assessments (DPIAs)
  - Data Sharing / Processing Agreements
  - Privacy Notices and Records of Processing Activities
  - IG Risk Registers and Mitigation Plans
- Embed data protection by design and by default principles in all new workflows, integrations, and supplier relationships.
- Ensure all IG artefacts gain appropriate internal approval.

2. Data Protection Compliance

- Ensure that the EPR Programme aligns with UK GDPR, the Data Protection Act 2018, and NHS guidance.
- Support the DPO in monitoring and evidencing compliance, and ensure all relevant activities are reflected in the Trust's Data Security and Protection Toolkit (DSPT).
- Review and assure supplier contracts to ensure robust data processing clauses and lawful data sharing arrangements.
- Lead on the management of IG incidents and support Root Cause Analysis (RCA) in relation to the programme.

3. Liaison and Partnership

- Act as the key point of contact for all IG and data protection matters within the EPR Programme.
- Work collaboratively with:
  - The Trust's DPO, SIRO, and Caldicott Guardian
  - Digital Security and Clinical Safety Officers
  - Legal and Procurement teams
  - Third-party suppliers (e.g., system vendors, integration partners)
  - Information Governance and Records Management teams across SLaM and the wider South London Partnership (SLP)
- Ensure alignment with regional and national data protection standards and share best practice with other Trusts undertaking EPR implementations.

4. Assurance and Reporting

- Develop and maintain programme-level IG dashboards and reports for governance forums (e.g. Programme Board, SIRO reports, and Trust Information Governance Group).
- Provide expert input into programme risk registers and contribute to external assurance reviews (e.g., IG audits, compliance inspections).
- Liaise with the Information Commissioner's Office (ICO) where necessary, supporting the DPO in formal submissions.

5. Policy, Training, and Culture

- Support the update and development of relevant Trust policies relating to data protection, confidentiality, and records management as they pertain to the EPR.
- Promote an open and informed culture around data protection and IG awareness within the EPR Programme and wider clinical teams.
- Develop and deliver IG training materials specific to the new EPR and associated change programmes.
- Support embedding of the Caldicott and confidentiality principles within the system's design and rollout.